2025-10-07CVE-2025-56383 is one of the most absurd entries we’ve ever seen in the National Vulnerability Database.It’s misclassified under CWE-427: Uncontrolled Search Path Element. Yet the provided POC shows no connection to CWE-427.Notepad++ & its plugins are installed by default in the protected “Program Files” directory, requiring administrator privileges to modify. If an attacker already has those rights, they could replace any system file - so targeting a plugin is pointless. Continue reading at the publisher's website.
2025-08-12There is a critical regression in release v8.8.4. Please use v8.8.5 instead. Continue reading at the publisher's website.
2025-07-09“Sometimes, when one door closes (lack of code signing) in life, another one opens (vulnerability) .” The sentence sumarizes well the situation in the previous version, 8.8.2.There were - and still are - many false-positives reported in the previous version v8.8.2, by the antivirus software due to the absence of Windows code signing certificate. To prevent this issue from recurring in future releases, from this version the Notepad++ release is signed with a certificate issued by a self-signed Certificate Authority (CA). Continue reading at the publisher's website.